• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 314
  • Last Modified:

linux router question

I have two networks, 192.168.1 and 192.168.2.

Between them sits a linux box, running iptables.  Actually it's a snapgear 530, but that shouldn't matter, it's just an embedded linux.

I want people on the two networks to be able to access machines on the other, but I don't know how to tell it to do this.
I don't want NAT, FULL access to everything... I'll then restrict stuff with IPTABLES.

I'm just not sure how to tell it to do this?

I do know I need to put a route command on my firewall to tell machines to back up and try the other router.
  • 3
  • 2
1 Solution
It is not just a matter of routing.  You need to configure the SnapGear with a second IP address so that it is "on" both network segments.

If the firewall is also providing access to the Internet through the untrust interface ("internet" on a SnapGear), you can set up a second IP address on the LAN interface.  Do this in Advanced IP Configuration from the IP Configuration screen.  You will also need to set up appropriate rules to allow traffic to pass between the two segments.

If the firewall is strictly being used for routing between the segments, you will probably already have the IP addresses set up for the two segments on your LAN and Internet ports.  From here it is a matter of configuring the rules / port forwarding to allow traffic to pass as you want it to.
P.S.  If the firewall is for routing (e.g. one segment on LAN and one on Internet), you would turn off NAT in the Advanced IP Configuration screen as well.
bennybutlerAuthor Commented:
Here's where I'm at.
Router is on both networks,
Gateway on tells all machines to use 2.14 to get to 192.168.2 network.

It works great, any machine on 1 can get to any machine on 2.

Problem is, snapgear wants to play firewall, so anything on 2 wants to be NAT'd to get to 1.  I don't want or need NAT, I just want it to treat the 'internet' interface the same as it does the 'wan' interface.
bennybutlerAuthor Commented:
maybe I need to create a reverse of this:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
   12   720 EstabRelFwd  all  --  *      *            
    6   360 LanFwd     all  --  eth0   *            
    0     0 WanFwd     all  --  eth1   *            
    0     0 DefDeny    all  --  *      *  
SnapGear it is a purpose built firewall appliance that uses embedded Linux.  So trying to get it to "forget" it is a firewall is not really a supported configuration.  But you should be able to do it.  Having said this, I will suggest that buying a cheap Linksys or Netgear router might work better for you.

I only have access to a SnapGear 550, so am having to assume that your interface is at least similar.  Can you turn off NAT in the Advanced IP Configuration as suggested above?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now